file-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes 'fd', 'rg', and 'fzf' via the Bash tool to search the filesystem. These are standard tools, and their use is consistent with the skill's primary purpose.
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection (Category 8). * Ingestion points: File names and contents are read from the local filesystem via 'fd' and 'rg' as shown in 'SKILL.md'. * Boundary markers: The skill does not define specific markers to wrap search results or instruct the agent to ignore instructions within searched files. * Capability inventory: The skill is explicitly allowed to use the 'Bash' tool according to the YAML frontmatter. * Sanitization: There is no evidence of sanitization or filtering of the content retrieved from searched files before it enters the agent context.
Audit Metadata